Date: 2021-12-04

Fifteen years after the launch of the microblogging social media platform, Twitter remains a dominant public forum for instant communication with individuals and organizations worldwide on a universe of topics, including #cybersecurity.

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Our review considered experience in enterprise cybersecurity, contributions to research and real-time developments, and Twitter-specific metrics like following and activity frequency.

Top Cybersecurity Experts to Follow on Twitter

Binni Shah | @binitamshah

Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives.

lazydocker : A simple terminal UI for both docker and docker-compose : https://t.co/pHVk3NJMoK pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019

Brian Krebs | @briankrebs

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware, data breaches, and cybercrime developments. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com.

ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" https://t.co/qsbcWct4pY — briankrebs (@briankrebs) September 13, 2017

Bruce Schneier | @schneierblog

Security technologist Bruce Schneier was respected long before the launch of Twitter. His 1994 book detailing cryptographic algorithms (Applied Cryptography) was just the beginning of his contributions to technical perspectives on system design, cybersecurity, privacy, and more.

Facebook Plans on Backdooring WhatsApp https://t.co/fs430beu2W — Schneier Blog (@schneierblog) August 1, 2019

Dave Kennedy | @hackingdave

Dave Kennedy started as a forensic analysis and cyber warfare specialist in the US Marine Corps before entering the enterprise space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide.

Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme.



Normally account take overs are due to insecure passwords or recovery options, this is definitely something different. — Dave Kennedy (@HackingDave) July 15, 2020

Eugene Kaspersky | @e_kaspersky

Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. Kaspersky currently serves as CEO and a distinguished cybersecurity expert in the international community.

In-depth technical analysis of a new method of extracting user cardholder data from compromised websites using legit Google Analytics protocol ⇒ https://t.co/cqkWVvA3kT pic.twitter.com/cVIyB44o6q — Eugene Kaspersky (@e_kaspersky) June 22, 2020

Eva Galperin | @evacide

Starting with her first desktop on a Unix machine at age 12, Eva Galperin’s contributions to cybersecurity include research on malware and privacy. Galperin is the current Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and a noted free speech advocate.

October is now BGP Awareness Month. — Eva (@evacide) October 4, 2021

Graham Cluley | @gcluley

Graham Cluley started as a videogame developer and antivirus programmer three decades ago before serving in senior roles at Sophos and McAfee. In recent years, Cluley has been well-known for his cybersecurity analysis, blog, and award-winning podcast Smashing Security.

Jack Daniel | @jack_daniel

Longtime network and system administrator Jack Daniel is a technology community activist, mentor, and storyteller. His contributions include founding Security BSides, serving as Strategist for Tenable, speaking at conferences, and co-hosting the podcast Security Voices.

How to screen for natural infosec talent:

Ask for a worst case scenario for any common situation. If the answer appalls you and keeps you up at night, HIRE THEM! — Jack Daniel (@jack_daniel) October 10, 2018

Jason Haddix | @JHaddix

Through tenures at Citrix, HP, and Bugcrowd, Jason Haddix offers his expertise in the areas of penetration testing, web application testing, static analysis, and more. Haddix continues to provide his insights while serving as the Head of Security and Risk Management for Ubisoft.

Excited to announce that @codingo_ and I are currently working on “The Bug Hunter’s Methodology” book. The book will focus on cutting edge web red team, pentester, and bug bounty topics. Tools, methods, automation, and no BS. — Jason Haddix (@Jhaddix) July 27, 2019

Jayson E. Street | @jaysonstreet

Jayson E. Street is an expert in penetration testing, detection and response, and auditing, and co-author of Dissecting the Hack: The F0rb1dd3n Network. Street is an industry-respected speaker and analyst and is currently the VP of InfoSec for SphereNY.

My weird path to #infosec:



High School Dropout

Janitor at MC Donald's

Security Officer

Supplemental Officer

Security Officer

Call Center Tech Support

In house desktop support

***Network Security Administrator*** https://t.co/FVIkNC1Y2O — (((Jayson E. Street))) I 😷 & have my 💉💉💉! (@jaysonstreet) March 3, 2018

Jeremiah Grossman | @jeremiahg

With deep industry experience, Jeremiah Grossman was the Information Security Officer for Yahoo!, founder and CTO of WhiteHat Security, and most recently Chief of Security Strategy for SentinelOne. Currently CEO of Bit Discovery, Grossman is an innovative industry leader.

Not so long ago there was something called a "telephone book" that published effectively everyone’s name, address, and telephone number — PUBLICLY. Today, when that same data is [mistakenly] made available online it’s called a data breach.



Culturally, what changed? — Jeremiah Grossman (@jeremiahg) December 5, 2019

Marcus J. Carey | @marcusjcarey

Marcus J. Carey started his cybersecurity career assisting federal agencies with pen testing, incident response, and digital forensics. Two decades later, the information security expert is a distinguished author (Tribe of Hackers), entrepreneur, and speaker.

The FaceTime bug definitely proves that your phone can be used as a remote listening device "without any authentication". — Marcus J. Carey (@marcusjcarey) January 29, 2019

Maria Markstedter | @Fox0x01

As managing vulnerabilities in embedded systems becomes increasingly crucial to cybersecurity, Maria Markstedter offers her expertise as an independent security researcher and founder of Azeria Labs. Markstedter actively contributes to filling the infosec education gap.

My first tutorial series on ARM Assembly Basics is finally finished. If you're new to ARM, this tutorial is for you: https://t.co/N9UWzkTH3i pic.twitter.com/nmilxbBYpK — Azeria (@Fox0x01) May 27, 2017

Matthew Green | @matthew_d_green

Matthew Green is a renowned expert in cryptographic engineering. Green’s contributions to applied cryptography are profound, and his other research includes securing storage and payment systems. He is currently an Associate Professor at Johns Hopkins University.

If the US government dictating iPhone encryption design sounds ok to you, ask yourself how you'll feel when China demands the same. — Matthew Green (@matthew_d_green) February 17, 2016

Katie Moussouris | @k8em0

Katie Moussouris’ resume includes studying at MIT and Harvard, enterprise experience at Symantec and Microsoft, and years of promoting bug bounty programs and white hat hacking. Today, Moussouris is the founder and CEO of cybersecurity consultancy Luta Security.

Exploit bugs not people. — Katie 🦃 Moussouris (she/her) (@k8em0) September 18, 2019

Kevin Mitnick | @kevinmitnick

Formerly on the FBI’s Most Wanted list, Kevin Mitnick is a crucial figure in the history of information security, including approaches to social engineering and penetration testing. Today, Mitnick operates his consultancy and serves as Chief Hacking Officer for KnowBe4.

I was released from federal detention 18 years ago today for a little bit of hacking 😉

Life is much, much better today as I’ve dedicated my time, energy, and passion to helping others improve their security. — Kevin Mitnick (@kevinmitnick) January 20, 2018

Lesley Carhart | @hacks4pancakes

IT industry veteran and former Hacker of the Year Lesley Carhart consistently contributes to research and dialogue around incident response, digital forensics, industrial control system security, and more. Carhart is currently the Principal Industrial Incident Responder at Dragos.

MySpace taught a whole generation of girls to learn to write HTML on their own terms outside of class and without parental pressure, and I sometimes worry if anything popular today forces young people to learn to build tech stuff other than video editing on their own anymore. — Lesley Carhart (@hacks4pancakes) April 30, 2021

Mikko Hyppönen | @mikko

Mikko Hyppönen is the veteran chief research officer of Finnish cybersecurity company F-Secure. After three decades of experience analyzing and following the latest security threats, Hyppönen continues to offer his perspective on privacy, cybersecurity, and so-called “smart” devices.

Breaking: Mars becomes the second planet that has more computers running Linux than Windows. pic.twitter.com/bsx0HukK9P — @mikko (@mikko) February 19, 2021

Paul Asadoorian | @securityweekly

Once a penetration tester, Paul Asadoorian has been the founder and CEO of Security Weekly and host of a weekly show since 2005. Asadoorian has built a cybersecurity media force while also serving as a partner for Offensive Countermeasures and Tenable Product Evangelist.

At hospital now with wife, in labor, looking at monitor and says "See the baby's heartbeat?" me: "Is that Windows 98?!?" — Paul Asadoorian (@securityweekly) June 7, 2016

Parisa Tabriz | @laparisa

Google’s Security Princess is Parisa Tabriz, one of the technology giant’s most esteemed hackers. Tabriz has led Google Chrome’s security since 2013, which extends to managing Product, Engineering, and UX today. Tabriz is a tireless advocate for ethical hacking.

TIL: middle schoolers use @Google Docs as a chat app & @Google Sheets as a form of Slack (each slide is a new topic/channel) since other products are blocked at class. Ingenious! h/t @danshapiro



Any other product hacks the kiddos are doing? — Parisa Tabriz (@laparisa) January 26, 2020

Rachel Tobac | @RachelTobac

Three-time winner of DEF CON’s Social Engineering Capture the Flag Contest, Rachel Tobac is a hacker and CEO of SocialProof Security. Tobac’s expertise in social engineering and spreading awareness provides excellent insight into today’s sophisticated threats.

To reach the ~youth~ we're going to have to make infosec sea shanties, aren't we? Guess so!

Behold the tale of kid who reuses their passwords & ends up pwn'd, then learns how to stay safe. We're on a mission to encourage unique passwords stored in a password manager with MFA on. pic.twitter.com/QDL9cjUOiC — Rachel Tobac (@RachelTobac) January 22, 2021

Richard Bejtlich | @taosecurity

Richard Bejtlich is the former first Director of Incident Response for General Electric and C-suite executive for FireEye and Mandiant. Since 2003, Bejtlich’s blog TaoSecurity has been a leading resource for network security monitoring practices and cybersecurity trends.

DNS over HTTPS is a sensitive info grab by whomever Web browsers partner with, yet it's sold as a "privacy enhancement." Instead of keeping DNS for most consumers at their ISP, the DoH providers now seize a Web usage goldmine. The majority will not change their browser defaults. — Richard Bejtlich (@taosecurity) May 26, 2020

Robert M. Lee | @RobertMLee

Founder and CEO of Dragos, Robert M. Lee started his career as a Cyber Warfare Operations Officer for the U.S. Air Force before building the SANS Institute’s first dedicated ICS monitoring courses. Lee continues to be a leading voice in the critical infrastructure cybersecurity space.

I’m not an alarmist but I would sincerely advise folks working in infrastructure to understand their connections in and out of the ICS and be proactive in security over the next few weeks at a minimum. I have no specific intel on this only concern given recent developments — Robert M. Lee (@RobertMLee) January 3, 2020

Runa Sandvik | @runasand

Runa Sandvik was a hacker and early developer of the Tor network before her rise to senior director of information security for the New York Times. Today Sandvik is an independent researcher and consultant and advocate for strengthening freedom of the press and privacy.

If only we talked about passwords, two-factor and updates as much as we do 0days and nation states. https://t.co/fyRdeIMcpy — Runa Sandvik (@runasand) March 8, 2017

Samy Kamkar | @samykamkar

Hacker, researcher, and entrepreneur Samy Kamkar launched a unified communications company as a teen before setting off an XSS attack against MySpace. Lesson learned, Kamkar continues to test security integrity as co-founder and CSO of Openpath Security.

I've released NAT Slipstreaming, a spooky new technique that allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall, just by the victim visiting a website. https://t.co/UlOnJPftTv Happy Halloween! pic.twitter.com/xorDXoh2uk — Samy Kamkar (@samykamkar) October 31, 2020

Shira Rubinoff | @Shirastweet

Shira Rubinoff is an executive, consultant, and speaker in cybersecurity. Her research includes artificial intelligence, blockchain technology, and how psychology applies to IT. Rubinoff is frequently mentioned as a top influencer and actively shares insights.

SwiftOnSecurity | @SwiftOnSecurity

The pseudonymous information security expert known as SwiftOnSecurity is a prominent voice in the universe of cybersecurity. They continually offer a balanced dose of genuine insight into systems and security with the funniest and hardest-hitting memes for sysadmins.

Tavis Ormandy | @taviso

Tavis Ormandy is an ethical hacker and an information security engineer for Google Project Zero. Ormandy’s expertise includes vulnerability hunting, research, and software development with a bundle of GitHub contributions and published research.

I'm publishing some 🔥 research today, a major design flaw in Windows that's existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation. https://t.co/1DFW2VGQRb — Tavis Ormandy (@taviso) August 13, 2019

Thaddeus Grugq | @thegrugq

Commonly known as just the Grugq, Thaddeus Grugq is a security researcher and hacker known for publications and commentary regarding forensic analysis, international espionage, and cybersecurity. In recent years, Grugq has talked openly about high-end exploit brokering.

You are going to be phished long before you are going to be hit with CIA 0days. Enable 2FA and get a password manager. — thaddeus e. grugq (@thegrugq) March 8, 2017

Troy Hunt | @troyhunt

Troy Hunt is an Australian web security consultant and is perhaps best known for his project Have I Been Pwned (HIBP), which helps users confirm if their data was compromised due to a breach. After 14 years of enterprise experience at Pfizer, Hunt offers his expertise in a weekly vlog.

People have been telling me to do this for ages so here it is – I'm open sourcing the code base for @haveibeenpwned. It's non-trivial, but it's the right thing to do. Here's the story: https://t.co/1Z8YwQvYaE — Troy Hunt (@troyhunt) August 7, 2020

